vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

fix: reject OAuth tokens for disabled users

Browse source
This commit is contained in:
UmakanthKaspa 2026-02-27 16:00:29 +00:00
parent 3c027bdc58
commit d675d05010
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
frappe/auth.py
View file

@ -683,7 +683,10 @@ def validate_oauth(authorization_header):
uri, http_method, body, headers, required_scopes
)
if valid:
frappe.set_user(frappe.db.get_value("OAuth Bearer Token", token, "user"))
user = frappe.db.get_value("OAuth Bearer Token", token, "user")
if not frappe.db.get_value("User", user, "enabled"):
frappe.throw(_("User {0} is disabled").format(user), frappe.AuthenticationError)
frappe.set_user(user)
frappe.local.form_dict = form_dict
except AttributeError:
pass